Spotting fake email addresses & Android SuperCard X scam

Today's newsletter covers how to spot fake email addresses & the SuperCard X scam on Android phones.

In this issue:

  • How to spot fake email addresses

  • Threat of the week: SuperCard X scam on Android phones

  • Let me know if there’s a topic you want me to cover

How to spot fake email addresses

As promised in last week's article about spam, I wanted to show you how to view and spot fake email addresses in case something is not caught by your email provider's spam filters. Next week I'll write an article on how to spot fake emails.

It's possible that a legitimate company's email system has been hacked by a criminal to send out scam emails. Because the email domain is valid, the spam filter may not have picked up the hack.

Don't ever click anything in the fake email or try to unsubscribe from it because then the criminal knows your email address is valid. If your email system has the ability to mark something as spam, do that.

Every email program and application shows email addresses differently. To see the full email address, look in the application's help for "how to see the sender email address".

Sometimes criminals create new domains to fake legitimate companies, such as "emailstatefarm.com", but those are quickly found and closed down. If something seems suspect, assume it is fake and don't click or reply to it.

In the following iPhone example, I show where someone created a fake State Farm email. It doesn't have the statefarm.com domain so I know for certain that it's fake.

iPhone mail app:

  1. Tap the From name. It shows an abbreviated email address.

  2. Tap the email a second time to see the email address.

Android Gmail app:

  1. At the top of the email, tap the little arrow next to the "to" line.

  2. A pop-up will display with the sender's email address, the reply-to address, security of the email, and more information.

Remember, your email provider is not going to be able to identify every fake email address. It's up to you to be cautious and keep yourself cyber safe.
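
For readers who are comfortable with a little Python, here is the same domain check done on a saved email. It is an example added to this article, not part of any email app, and the two sample messages, the function names, and the `mail-helpdesk.example` domain are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real emails). "emailstatefarm.com" is the
# fake-domain example from the article; the ".example" domain is a placeholder.
LEGIT = "From: State Farm <news@statefarm.com>\nSubject: Your policy\n\nHello"
FAKE = ("From: State Farm <alerts@emailstatefarm.com>\n"
        "Reply-To: claims@mail-helpdesk.example\n"
        "Subject: Action required\n\nHello")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def belongs_to(domain, expected):
    """True only for the expected domain itself or a true subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw_message, expected_domain):
    """List the warnings for a message that claims to be from expected_domain."""
    msg = message_from_string(raw_message)
    warnings = []
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        warnings.append("no sender address found")
    elif not belongs_to(from_domain, expected_domain):
        # A domain that merely contains the brand name is a lookalike.
        brand = expected_domain.split(".")[0]
        kind = "lookalike" if brand in from_domain else "unexpected"
        warnings.append(f"{kind} domain: {from_domain}")
    # The Reply-To address is where your answer would actually be sent.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to a different domain: {reply_domain}")
    return warnings

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("fake", FAKE)):
        print(name, check_sender(raw, "statefarm.com") or "no warnings")
```

An empty list only means the domain matches; as mentioned above, a legitimate company's email system can be hacked, so a matching domain does not prove the message is safe.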

SuperCard X scam on Android

Beware: a single tap of a credit card or bank card to your Android phone can drain your account.

It's a little more complicated than that, but if you've downloaded an app that has the SuperCard X malware, you could lose a lot of money.

Here's how the scam works:

  1. Criminals use a fake text or WhatsApp message, pretending to be from a bank, warning you of a suspicious transaction. As mentioned in my post about scam texts, be cautious of any texts or WhatsApp messages from unknown senders.

  2. You are urged to call a phone number, connecting you to a scammer who poses as a bank representative.

  3. The scammer convinces you to download a malicious app (often disguised as a security or verification tool), which secretly installs the SuperCard X malware.

  4. The scammer instructs you to tap your credit or bank card on the phone to verify it. The malware intercepts and steals the card data via NFC (Near Field Communication is the technical capability that allows Google Pay to work at a store's credit card terminal).

  5. The stolen card details are relayed to a second device controlled by the criminal, allowing them to make unauthorized contactless payments or ATM withdrawals.

Please be careful when installing any application on your phone. In the future I'll write an article on Android virus scanning apps that help to detect malware like SuperCard X.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com